Vulnerabilities related to Symantec - Messaging Gateway
var-201809-0138
Vulnerability from variot

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, a type of issue that can allow attackers to potentially circumvent the security mechanisms in place and gain access to the system or network. Symantec Messaging Gateway contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Versions prior to Messaging Gateway 10.6.6 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0138",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.6.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.5.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Artem Kondratenko, Arseny Sharoglazov, Alexey Osipov from Kaspersky Lab Security Services @kl_secservices",
    "sources": [
      {
        "db": "BID",
        "id": "105329"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-12242",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-12242",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-122182",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-12242",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-12242",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-12242",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-889",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122182",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. Symantec Messaging Gateway Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to an authentication-bypass vulnerability. \nAn  attacker can exploit this issue to bypass the authentication  mechanism and perform unauthorized actions. This may lead to further  attacks. \nVersions prior to Messaging Gateway 10.6.6 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12242"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "BID",
        "id": "105329"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122182"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12242",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "105329",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-122182",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122182"
      },
      {
        "db": "BID",
        "id": "105329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "id": "VAR-201809-0138",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122182"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:58:55.345000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA1461",
        "trust": 0.8,
        "url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
      },
      {
        "title": "Symantec Messaging Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85008"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.symantec.com/en_us/article.symsa1461.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/105329"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12242"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12242"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122182"
      },
      {
        "db": "BID",
        "id": "105329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122182"
      },
      {
        "db": "BID",
        "id": "105329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122182"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "BID",
        "id": "105329"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "date": "2018-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      },
      {
        "date": "2018-09-19T15:29:19.110000",
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122182"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "BID",
        "id": "105329"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      },
      {
        "date": "2018-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      },
      {
        "date": "2024-11-21T03:44:50.790000",
        "db": "NVD",
        "id": "CVE-2018-12242"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011522"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-889"
      }
    ],
    "trust": 0.6
  }
}

var-201212-0025
Vulnerability from variot

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. An attacker can exploit these issues to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. A remote attacker can read arbitrary files by adding .. to the localBackupFileSelection parameter in the APPLIANCE restoreSource operation sent to brightmail/admin/restore/download.do.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201212-0025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "9.5 and  9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "56789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Williams",
    "sources": [
      {
        "db": "BID",
        "id": "56789"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-4347",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-4347",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-57628",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-4347",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-4347",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201212-068",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-57628",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. (1) brightmail/export of .. \nAn attacker can exploit these issues to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks. \nSymantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. By (1) adding .. to the localBackupFileSelection parameter in the APPLIANCE restoreSource operation and sending it to brightmail/admin/restore/download.do, remote attackers use The vulnerability reads arbitrary files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "db": "BID",
        "id": "56789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-57628",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-4347",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "56789",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "23110",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-76888",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-57628",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      },
      {
        "db": "BID",
        "id": "56789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "id": "VAR-201212-0025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:53:29.877000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Symantec Messaging Gateway powered by Brightmail",
        "trust": 0.8,
        "url": "http://www.cybernet.co.jp/symantec/products/msg/smg.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/56789"
      },
      {
        "trust": 1.3,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4347"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4347"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.3,
        "url": "http://www.nccgroup.com/en/learning-research-centre/security-testing-audit-compliance-resources/technical-advisories/symantec-messaging-gateway-arbitrary-file-download-is-possible-with-a-crafted-url/#"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2012\u0026amp;suid=20120827_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      },
      {
        "db": "BID",
        "id": "56789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-57628"
      },
      {
        "db": "BID",
        "id": "56789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-12-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-57628"
      },
      {
        "date": "2012-12-01T00:00:00",
        "db": "BID",
        "id": "56789"
      },
      {
        "date": "2012-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "date": "2012-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      },
      {
        "date": "2012-12-05T11:57:14.850000",
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-57628"
      },
      {
        "date": "2012-12-01T00:00:00",
        "db": "BID",
        "id": "56789"
      },
      {
        "date": "2012-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      },
      {
        "date": "2012-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      },
      {
        "date": "2024-11-21T01:42:43.280000",
        "db": "NVD",
        "id": "CVE-2012-4347"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005666"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201212-068"
      }
    ],
    "trust": 0.6
  }
}

var-201208-0523
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------


TITLE: Symantec Messaging Gateway Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA50435

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

RELEASE DATE: 2012-08-28

DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/50435/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.

1) Certain input passed via web or email content is not properly sanitised before being returned to the user.

2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page.

3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application.

4) The weakness is caused due to the application disclosing detailed component version information.

The vulnerabilities are reported in versions 9.5.x and prior.

SOLUTION: Upgrade to version 10.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure.

ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.


Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0523",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "db": "BID",
        "id": "55138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Williams",
    "sources": [
      {
        "db": "BID",
        "id": "55138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2012-0307",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2012-0307",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-53588",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-0307",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-0307",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-556",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53588",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-0307",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nSymantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------\n\nThe new Secunia CSI 6.0 is now available in beta!\nSeamless integration with your existing security solutions Sign-up to \nbecome a Beta tester: http://secunia.com/csi6beta\n\n----------------------------------------------------------------------\n\nTITLE:\nSymantec Messaging Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50435\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50435/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nRELEASE DATE:\n2012-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50435/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50435/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * 
Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and multiple vulnerabilities have been reported in\nSymantec Messaging Gateway, which can be exploited by malicious users\nto bypass certain security restrictions and by malicious people to\ndisclose certain sensitive information and conduct cross-site\nscripting and request forgery attacks. \n\n1) Certain input passed via web or email content is not properly\nsanitised before being returned to the user. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to e.g. gain administrative access\nwhen a logged-in administrative user visits a specially crafted web\npage. \n\n3) An error within the management interface can be exploited to\nperform otherwise restricted actions and e.g. modify the underlying\nweb application. \n\n4) The weakness is caused due to the application disclosing detailed\ncomponent version information. \n\nThe vulnerabilities are reported in versions 9.5.x and prior. \n\nSOLUTION:\nUpgrade to version 10. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Williams, NGS Secure. 
\n\nORIGINAL ADVISORY:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "db": "BID",
        "id": "55138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0307",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "55138",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "50435",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "20473",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-53588",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0307",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115966",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "db": "BID",
        "id": "55138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "id": "VAR-201208-0523",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53588"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:23:22.776000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20120827_00"
      },
      {
        "title": "Patch for Symantec Messaging Gateway Cross-Site Scripting Vulnerability (CNVD-2012-4496)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/20817"
      },
      {
        "title": "Symantec Security Advisories: Symantec Messaging Gateway Security Issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f3a3464f4effaad7f7f5e4c3ef913cb3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/55138"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78031"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0307"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0307"
      },
      {
        "trust": 0.6,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisoryhttp"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/50435"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/20473"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2012\u0026amp;suid=20120827_00"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26764"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/csi6beta"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "db": "BID",
        "id": "55138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "db": "BID",
        "id": "55138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55138"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "date": "2012-08-28T06:01:36",
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      },
      {
        "date": "2012-08-29T10:56:39.207000",
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4496"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53588"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-0307"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55138"
      },
      {
        "date": "2012-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      },
      {
        "date": "2024-11-21T01:34:46.130000",
        "db": "NVD",
        "id": "CVE-2012-0307"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003967"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-556"
      }
    ],
    "trust": 0.7
  }
}

var-201604-0088
Vulnerability from variot

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. Symantec Messaging Gateway is prone to a local password-disclosure vulnerability. Local attackers can exploit this issue to disclose sensitive information. Information obtained may lead to further attacks. Versions prior to Symantec Messaging Gateway 10.6.0-7 are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. A security vulnerability exists in the management console of SMG Appliance versions prior to 10.6.1.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0088",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.6.0"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "86137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "karim reda Fakhir",
    "sources": [
      {
        "db": "BID",
        "id": "86137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-2203",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-2203",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-91022",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-2203",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-2203",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-2203",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-2203",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-365",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-91022",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. Symantec Messaging Gateway is prone to a local password-disclosure vulnerability\nLocal attackers can exploit this issue to disclose sensitive information. Information obtained may lead to further attacks. \nVersions prior to Symantec Messaging Gateway 10.6.0-7 are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. A security vulnerability exists in the management console of SMG Appliance versions prior to 10.6.1",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "db": "BID",
        "id": "86137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-91022",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2203",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "86137",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "136758",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1035609",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39715",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-91022",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      },
      {
        "db": "BID",
        "id": "86137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "id": "VAR-201604-0088",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:31:00.012000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM16-005",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160418_00"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160418_00"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/86137"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/39715/"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/136758/symantec-brightmail-10.6.0-7-ldap-credential-grabber.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035609"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2203"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2203"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20160418_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      },
      {
        "db": "BID",
        "id": "86137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-91022"
      },
      {
        "db": "BID",
        "id": "86137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91022"
      },
      {
        "date": "2016-04-18T00:00:00",
        "db": "BID",
        "id": "86137"
      },
      {
        "date": "2016-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "date": "2016-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      },
      {
        "date": "2016-04-22T18:59:05.223000",
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91022"
      },
      {
        "date": "2016-07-06T14:31:00",
        "db": "BID",
        "id": "86137"
      },
      {
        "date": "2016-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      },
      {
        "date": "2024-11-21T02:48:02.083000",
        "db": "NVD",
        "id": "CVE-2016-2203"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "86137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Appliance device management console vulnerability allowing acquisition of the encrypted AD password",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002356"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-365"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0036
Vulnerability from variot

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.". The Autonomy KeyView IDOL library contains multiple vulnerabilities in its file parsing process. Autonomy KeyView IDOL is a library that decodes some 1000 file formats and is used in many applications. The library contains multiple vulnerabilities such as memory corruption and arbitrary code execution. Although the impact varies depending on the application, opening a specially crafted file may interrupt service operation (DoS) or allow an attacker to execute arbitrary code with the privileges of the application. Failed attempts may result in a denial-of-service condition. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. ----------------------------------------------------------------------

The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/

TITLE: Autonomy KeyView File Processing Vulnerabilities

SECUNIA ADVISORY ID: SA51362

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51362

RELEASE DATE: 2012-11-21

DISCUSS ADVISORY: http://secunia.com/advisories/51362/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/51362/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=51362

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to errors when processing unspecified file formats and can be exploited to corrupt memory. No further information is currently available.

The vulnerabilities are reported in versions prior to 10.16.

SOLUTION: Update to version 10.16.

PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC

ORIGINAL ADVISORY: US-CERT VU#849841: http://www.kb.cert.org/vuls/id/849841

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0036",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "domino",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.0"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "notes",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "data loss prevention endpoint",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "11.6.1"
      },
      {
        "model": "mail security",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.5.7"
      },
      {
        "model": "data loss prevention endpoint",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.5.7"
      },
      {
        "model": "notes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.3"
      },
      {
        "model": "data loss prevention enforce\\/detection servers",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "11.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "autonomy keyview idol",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.16"
      },
      {
        "model": "domino",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.3.6"
      },
      {
        "model": "data loss prevention enforce\\/detection servers",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "8.1.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "autonomy",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "emc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hyland",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "lotus",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nuance",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "palisade",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "proofpoint",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trend micro",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustwave",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "verdasys",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "websense",
        "version": null
      },
      {
        "model": "keyview idol",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "autonomy",
        "version": "library  10.16 earlier"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.2"
      },
      {
        "model": "lotus notes fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.3"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.0"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.2.1"
      },
      {
        "model": "lotus domino 8.5.3fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "lotus domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "lotus domino fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.12"
      },
      {
        "model": "keyview idol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10"
      },
      {
        "model": "lotus domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.2.0"
      },
      {
        "model": "lotus notes fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.2"
      },
      {
        "model": "lotus domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "zimbra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.5"
      },
      {
        "model": "lotus domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.3"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.3"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "keyview idol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.13.1"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1.1"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.1"
      },
      {
        "model": "lotus domino 8.5fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "lotus domino fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "lotus domino 8.5.1fp5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "lotus domino fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "lotus domino fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.6"
      },
      {
        "model": "lotus notes fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "db": "BID",
        "id": "56610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:autonomy:autonomy_keyview_idol",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Will Dormann",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2012-6277",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2012-6277",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 10.0,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 8.7,
            "exploitability": "NOT DEFINED",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-6277",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "NOT DEFINED",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2012-005584",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-59558",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2012-6277",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-6277",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-6277",
            "trust": 0.8,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2012-005584",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201211-461",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-59558",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "db": "VULHUB",
        "id": "VHN-59558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\". The Autonomy KeyView IDOL library contains multiple vulnerabilities in the file parsing process. Autonomy KeyView IDOL is a library that decodes 1000 file formats and is used in many applications. The Autonomy KeyView IDOL library contains multiple vulnerabilities such as memory corruption and arbitrary code execution. Although the impact will vary depending on the application, opening a specially crafted file may interrupt service operation (DoS) or allow an attacker to execute arbitrary code with application privileges. Failed attempts may result in a denial-of-service condition. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. 
\nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nAutonomy KeyView File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51362\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51362/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51362\n\nRELEASE DATE:\n2012-11-21\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51362/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51362/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51362\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Autonomy KeyView,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerabilities are caused due to errors when processing\nunspecified file formats and can be exploited to corrupt memory. No\nfurther information is currently available. \n\nThe vulnerabilities are reported in versions prior to 10.16. \n\nSOLUTION:\nUpdate to version 10.16. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann, CERT/CC\n\nORIGINAL ADVISORY:\nUS-CERT VU#849841:\nhttp://www.kb.cert.org/vuls/id/849841\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-6277"
      },
      {
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "db": "BID",
        "id": "56610"
      },
      {
        "db": "VULHUB",
        "id": "VHN-59558"
      },
      {
        "db": "PACKETSTORM",
        "id": "118283"
      },
      {
        "db": "PACKETSTORM",
        "id": "118291"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#849841",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "56610",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6277",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "51362",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1027799",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "87619",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "51365",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-59558",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "118283",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "118291",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "db": "VULHUB",
        "id": "VHN-59558"
      },
      {
        "db": "BID",
        "id": "56610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "db": "PACKETSTORM",
        "id": "118283"
      },
      {
        "db": "PACKETSTORM",
        "id": "118291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "id": "VAR-202002-0036",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-59558"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-09-10T21:21:49.335000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Autonomy Global Offices",
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/Autonomy/Offices/index.en.html"
      },
      {
        "title": "IDOL\u30b3\u30cd\u30af\u30bf",
        "trust": 0.8,
        "url": "http://www.autonomy.co.jp/content/Technology/idol-functionality-information-connectivity/index.ja.html"
      },
      {
        "title": "KeyView IDOL \u0026 Connectors",
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/Products/idol-modules-connectors/index.en.html"
      },
      {
        "title": "Security Advisories Relating to Symantec Products - Symantec Updates HP Autonomy Keyview Filter Issues Affecting Multiple Vendors",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026suid=20121120_00"
      },
      {
        "title": "\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u30fc - \u8907\u6570\u306e\u30d9\u30f3\u30c0\u30fc\u304c\u5f71\u97ff\u3092\u53d7\u3051\u308b HP Autonomy KeyView Filter \u306e\u554f\u984c\u306b\u95a2\u3059\u308b\u66f4\u65b0 (SYM12-018)",
        "trust": 0.8,
        "url": "https://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00"
      },
      {
        "title": "Micro Focus Autonomy KeyView IDOL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110271"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.securityfocus.com/bid/56610"
      },
      {
        "trust": 1.7,
        "url": "https://support.symantec.com/us/en/article.symsa1262.html"
      },
      {
        "trust": 1.7,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=27482"
      },
      {
        "trust": 1.7,
        "url": "https://vulmon.com/vulnerabilitydetails?qid=cve-2012-6277"
      },
      {
        "trust": 1.7,
        "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
      },
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/849841/"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/plugins/nessus/67192"
      },
      {
        "trust": 1.3,
        "url": "https://www.kb.cert.org/vuls/id/849841"
      },
      {
        "trust": 1.2,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00"
      },
      {
        "trust": 1.1,
        "url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
      },
      {
        "trust": 0.8,
        "url": "https://customers.autonomy.com"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/2458544"
      },
      {
        "trust": 0.8,
        "url": "http://www.youtube.com/watch?v=28_lus_g0u4"
      },
      {
        "trust": 0.8,
        "url": "http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id/1027799"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/show/osvdb/87619"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/51362 "
      },
      {
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/news/releases/2004/0803a.en.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/news/releases/2008/0701.en.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu849841"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6277"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627992"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/blog/325/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/51362/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/51362/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51362"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/51365/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51365"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/51365/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "db": "VULHUB",
        "id": "VHN-59558"
      },
      {
        "db": "BID",
        "id": "56610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "db": "PACKETSTORM",
        "id": "118283"
      },
      {
        "db": "PACKETSTORM",
        "id": "118291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "db": "VULHUB",
        "id": "VHN-59558"
      },
      {
        "db": "BID",
        "id": "56610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "db": "PACKETSTORM",
        "id": "118283"
      },
      {
        "db": "PACKETSTORM",
        "id": "118291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-11-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "date": "2020-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-59558"
      },
      {
        "date": "2012-11-20T00:00:00",
        "db": "BID",
        "id": "56610"
      },
      {
        "date": "2012-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "date": "2012-11-23T08:19:25",
        "db": "PACKETSTORM",
        "id": "118283"
      },
      {
        "date": "2012-11-23T08:19:51",
        "db": "PACKETSTORM",
        "id": "118291"
      },
      {
        "date": "2012-11-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      },
      {
        "date": "2020-02-21T17:15:10.883000",
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#849841"
      },
      {
        "date": "2020-03-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-59558"
      },
      {
        "date": "2013-03-22T18:56:00",
        "db": "BID",
        "id": "56610"
      },
      {
        "date": "2012-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005584"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      },
      {
        "date": "2020-03-04T20:18:25.227000",
        "db": "NVD",
        "id": "CVE-2012-6277"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#849841"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-461"
      }
    ],
    "trust": 0.6
  }
}

var-202212-1053
Vulnerability from variot

An authenticated user can embed malicious content with XSS into the admin group policy page. Symantec Messaging Gateway contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1053",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.8"
      },
      {
        "model": "symantec messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30de\u30f3\u30c6\u30c3\u30af",
        "version": null
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30de\u30f3\u30c6\u30c3\u30af",
        "version": "10.8"
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30de\u30f3\u30c6\u30c3\u30af",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "cve": "CVE-2022-25630",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2022-25630",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-25630",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-25630",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-25630",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202212-2782",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An authenticated user can embed malicious content with XSS into the admin group policy page. Symantec\u0027s Symantec Messaging Gateway Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "db": "VULHUB",
        "id": "VHN-416450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25630"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-25630",
        "trust": 3.4
      },
      {
        "db": "PACKETSTORM",
        "id": "171781",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591",
        "trust": 0.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "51342",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-416450",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25630",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "id": "VAR-202212-1053",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416450"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T15:21:28.142000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Broadcom Symantec Messaging Gateway Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=217194"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/securityadvisories/0/21117"
      },
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/171781/symantec-messaging-gateway-10.7.4-cross-site-scripting.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25630"
      },
      {
        "trust": 0.7,
        "url": "https://support.broadcom.com/external/content/securityadvisories/0/21117"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-25630/"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/51342"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-416450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416450"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-25630"
      },
      {
        "date": "2023-11-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      },
      {
        "date": "2022-12-09T18:15:18.270000",
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416450"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-25630"
      },
      {
        "date": "2023-11-17T08:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      },
      {
        "date": "2023-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      },
      {
        "date": "2023-04-10T20:15:07.797000",
        "db": "NVD",
        "id": "CVE-2022-25630"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec\u0027s \u00a0Symantec\u00a0Messaging\u00a0Gateway\u00a0 Cross-site scripting vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022591"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2782"
      }
    ],
    "trust": 0.6
  }
}

var-201708-1312
Vulnerability from variot

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code on the affected system. Versions prior to Symantec Messaging Gateway 10.6.3-267 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "message gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.6.3-267"
      },
      {
        "model": "message gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.3-2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-267"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:message_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Philip Pettersson: philip.pettersson@gmail.com",
    "sources": [
      {
        "db": "BID",
        "id": "100135"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6327",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-6327",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-114530",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-6327",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6327",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6327",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6327",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-869",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114530",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6327",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a remote code-execution vulnerability. \nAttackers can exploit this issue to execute arbitrary code on the affected system. \nVersions prior to Symantec Messaging Gateway 10.6.3-267 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "BID",
        "id": "100135"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6327"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-114530",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42519",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6327",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "100135",
        "trust": 2.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42519",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-96367",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143821",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114530",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6327",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6327"
      },
      {
        "db": "BID",
        "id": "100135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "id": "VAR-201708-1312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:00:54.961000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM17-006",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170810_00"
      },
      {
        "title": "Symantec Messaging Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99656"
      },
      {
        "title": "Symantec Security Advisories: Symantec Messaging Gateway RCE and CSRF",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=c0ee8fdc79b5124205ebcb6279717998"
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "Known Exploited Vulnerabilities Detector",
        "trust": 0.1,
        "url": "https://github.com/Ostorlab/KEV "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/bug-nsa-china-backed-cyberattacks/160421/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170810_00"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/100135"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/42519/"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2017/aug/28"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6327"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6327"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20170810_00"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/bug-nsa-china-backed-cyberattacks/160421/"
      },
      {
        "trust": 0.1,
        "url": "https://support.symantec.com/en_us/article.symsa1411.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6327"
      },
      {
        "db": "BID",
        "id": "100135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6327"
      },
      {
        "db": "BID",
        "id": "100135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "date": "2017-08-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6327"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100135"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      },
      {
        "date": "2017-08-11T20:29:00.207000",
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114530"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6327"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100135"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      },
      {
        "date": "2024-11-21T03:29:34.190000",
        "db": "NVD",
        "id": "CVE-2017-6327"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007188"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-869"
      }
    ],
    "trust": 0.6
  }
}

var-201706-0552
Vulnerability from variot

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code on the affected system. Versions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0552",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mehmet Dursun Ince",
    "sources": [
      {
        "db": "BID",
        "id": "98893"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6326",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6326",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114529",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6326",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6326",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6326",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-870",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114529",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6326",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a remote code-execution vulnerability. \nAttackers can exploit this issue to execute arbitrary code on the affected system. \nVersions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-114529",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42251",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6326",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "98893",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1038785",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42251",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "143129",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114529",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "id": "VAR-201706-0552",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:12:59.797000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM17-004",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
      },
      {
        "title": "Symantec Messaging Gateway Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100376"
      },
      {
        "title": "Symantec Security Advisories: Symantec Messaging Gateway Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=87a01cb99de9de36ac7e7d7b134aa96d"
      },
      {
        "title": "Exp101tsArchiv30thers",
        "trust": 0.1,
        "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
      },
      {
        "title": "awesome-cve-poc_qazbnm456",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/98893"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/42251/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1038785"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6326"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6326"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20170621_00"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=54308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/exploit/linux/http/symantec_messaging_gateway_exec"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "db": "BID",
        "id": "98893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98893"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      },
      {
        "date": "2017-06-26T21:29:00.267000",
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114529"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6326"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98893"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      },
      {
        "date": "2024-11-21T03:29:34.073000",
        "db": "NVD",
        "id": "CVE-2017-6326"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005085"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-870"
      }
    ],
    "trust": 0.6
  }
}

var-201708-1313
Vulnerability from variot

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross-site request forgery (also known as a one-click attack and abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. Symantec Messaging Gateway contains a cross-site request forgery vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may be caused. Symantec Messaging Gateway is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Versions prior to Symantec Messaging Gateway 10.6.3-267 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1313",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "message gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.3-2"
      },
      {
        "model": "message gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.6.3-267"
      },
      {
        "model": "message gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.3-2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-267"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:message_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mishra Dhiraj.",
    "sources": [
      {
        "db": "BID",
        "id": "100136"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6328",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-6328",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-114531",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-6328",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6328",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6328",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-868",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114531",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user\u0027s browser. Symantec Messaging Gateway Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nVersions prior to  Symantec Messaging Gateway 10.6.3-267 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "db": "BID",
        "id": "100136"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-114531",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6328",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "100136",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37417",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42613",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114531",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      },
      {
        "db": "BID",
        "id": "100136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "id": "VAR-201708-1313",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:59:15.926000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM17-006",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170810_00"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170810_00"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/100136"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6328"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6328"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37417"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20170810_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      },
      {
        "db": "BID",
        "id": "100136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114531"
      },
      {
        "db": "BID",
        "id": "100136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114531"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100136"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      },
      {
        "date": "2017-08-11T20:29:00.237000",
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114531"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "BID",
        "id": "100136"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      },
      {
        "date": "2017-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      },
      {
        "date": "2024-11-21T03:29:34.303000",
        "db": "NVD",
        "id": "CVE-2017-6328"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007189"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-868"
      }
    ],
    "trust": 0.6
  }
}

var-201604-0089
Vulnerability from variot

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. Supplementary information: the vulnerability type has been identified as CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (injection). http://cwe.mitre.org/data/definitions/74.html A local user may be granted root shell permissions through crafted terminal-window input. This may aid in further attacks. Versions prior to Symantec Messaging Gateway 10.6.0-7 are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0089",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.6.0"
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.0"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "86138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Martin Carpenter with Citco",
    "sources": [
      {
        "db": "BID",
        "id": "86138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-2204",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "MULTIPLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 2.5,
            "id": "CVE-2016-2204",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "MULTIPLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 2.5,
            "id": "VHN-91023",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:M/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.5,
            "id": "CVE-2016-2204",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-2204",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-2204",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-366",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-91023",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. Supplementary information : CWE Vulnerability type by CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ( injection ) Has been identified. http://cwe.mitre.org/data/definitions/74.htmlThrough the input of a crafted terminal window by a local user, root May be granted shell permissions. This may aid in further attacks. \nVersions prior to Symantec Messaging Gateway 10.6.0-7 are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "db": "BID",
        "id": "86138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-91023"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2204",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "86138",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1035609",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-91023",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91023"
      },
      {
        "db": "BID",
        "id": "86138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "id": "VAR-201604-0089",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91023"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:31:00.043000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM16-005",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160418_00"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/86138"
      },
      {
        "trust": 1.6,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160418_00"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035609"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2204"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2204"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20160418_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91023"
      },
      {
        "db": "BID",
        "id": "86138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-91023"
      },
      {
        "db": "BID",
        "id": "86138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91023"
      },
      {
        "date": "2016-04-18T00:00:00",
        "db": "BID",
        "id": "86138"
      },
      {
        "date": "2016-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "date": "2016-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      },
      {
        "date": "2016-04-22T18:59:06.223000",
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91023"
      },
      {
        "date": "2016-04-18T00:00:00",
        "db": "BID",
        "id": "86138"
      },
      {
        "date": "2016-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      },
      {
        "date": "2024-11-21T02:48:02.197000",
        "db": "NVD",
        "id": "CVE-2016-2204"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "86138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Appliance In the device management console  root Shell access vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002357"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-366"
      }
    ],
    "trust": 0.6
  }
}

var-201706-0550
Vulnerability from variot

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Versions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6324"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Adam Witt",
    "sources": [
      {
        "db": "BID",
        "id": "98889"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6324",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6324",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114527",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6324",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6324",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6324",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-872",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114527",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6324",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114527"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6324"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the \u0027disarm\u0027 functionality enabled. This constitutes a \u0027bypass\u0027 of the disarm functionality resident to the application. Symantec Messaging Gateway Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security  restrictions  to perform unauthorized actions. This may aid in further  attacks. \nVersions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      },
      {
        "db": "BID",
        "id": "98889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114527"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6324"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6324",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "98889",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1038785",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114527",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114527"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6324"
      },
      {
        "db": "BID",
        "id": "98889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6324"
      }
    ]
  },
  "id": "VAR-201706-0550",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114527"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:12:59.865000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "SYM17-004",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00#_Symantec_Messaging_Gateway_3"
      },
      {
        "title": "Symantec Messaging Gateway Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100377"
      },
      {
        "title": "Symantec Security Advisories: Symantec Messaging Gateway Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=87a01cb99de9de36ac7e7d7b134aa96d"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6324"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/98889"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1038785"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6324"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6324"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20170621_00"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=54309"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114527"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6324"
      },
      {
        "db": "BID",
        "id": "98889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6324"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114527",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6324",
        "ident": null
      },
      {
        "db": "BID",
        "id": "98889",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6324",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114527",
        "ident": null
      },
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6324",
        "ident": null
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98889",
        "ident": null
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005271",
        "ident": null
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-872",
        "ident": null
      },
      {
        "date": "2017-06-26T21:29:00.187000",
        "db": "NVD",
        "id": "CVE-2017-6324",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114527",
        "ident": null
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6324",
        "ident": null
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98889",
        "ident": null
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005271",
        "ident": null
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-872",
        "ident": null
      },
      {
        "date": "2024-11-21T03:29:33.847000",
        "db": "NVD",
        "id": "CVE-2017-6324",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Symantec Messaging Gateway Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005271"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-872"
      }
    ],
    "trust": 0.6
  }
}

var-201912-1230
Vulnerability from variot

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Messaging Gateway contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code. The NVD CVSS 3.1 vector recorded for this entry (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, base score 4.8, Medium) indicates that exploitation requires high privileges and user interaction.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1230",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.7.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.7.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.6.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      }
    ]
  },
  "cve": "CVE-2019-18378",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2019-18378",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-150718",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.7,
            "id": "CVE-2019-18378",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-18378",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18378",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18378",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-517",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-150718",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Messaging Gateway Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18378"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "VULHUB",
        "id": "VHN-150718"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18378",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-150718",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "id": "VAR-201912-1230",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150718"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:21:22.830000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA1501",
        "trust": 0.8,
        "url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
      },
      {
        "title": "Symantec Messaging Gateway Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105352"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.symantec.com/us/en/article.symsa1501.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18378"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18378"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-150718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-150718"
      },
      {
        "date": "2019-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "date": "2019-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      },
      {
        "date": "2019-12-11T16:15:11.650000",
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-150718"
      },
      {
        "date": "2019-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      },
      {
        "date": "2024-11-21T04:33:09.910000",
        "db": "NVD",
        "id": "CVE-2019-18378"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012942"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-517"
      }
    ],
    "trust": 0.6
  }
}

var-201704-0124
Vulnerability from variot

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. The RAR file parser component of the AntiVirus Decomposer engine in multiple Symantec products contains a vulnerability that can result in a denial of service (memory corruption). A remote attacker may cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. Multiple Symantec products are prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause a denial-of-service condition.
Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed. The AntiVirus Decomposer engine is one of the anti-virus engines. The RAR file parser is one of the compressed-file parsing components.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0124",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "advanced threat protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection cloud",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "email security.cloud",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection for small business",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "6.0.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.5.4"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.0.4"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "6.0.6"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.5.5"
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "6.0.7"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "8.1.2"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.5.4"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.5.3"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "8.1.3"
      },
      {
        "model": "symantec data center security server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "endpoint protection",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "12.1.4"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.3"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.8.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0.3"
      },
      {
        "model": "mail security for domino",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "8.0.9"
      },
      {
        "model": "endpoint protection for small business",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.2"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5"
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.0.3"
      },
      {
        "model": "endpoint protection",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "protection engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0.5"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.2"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0"
      },
      {
        "model": "messaging gateway for service providers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0.2"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.1"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.5.8"
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.0.4"
      },
      {
        "model": "web security.cloud",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0.1"
      },
      {
        "model": "csapi",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.0.4"
      },
      {
        "model": "messaging gateway for service providers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "12.1.4"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "advanced threat protection",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "csapi",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway for service providers",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "data center security:server",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "email security.cloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection cloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection small business edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for domino",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection engine",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection for sharepoint servers",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web security.cloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection ru6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "11.0.4000.2295"
      },
      {
        "model": "data center security server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection for small business",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "endpoint protection ru6a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.13"
      },
      {
        "model": "message gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "endpoint protection ru6mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.6.368"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "endpoint protection mp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.7"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6100"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.1.9.37"
      },
      {
        "model": "endpoint protection for mac mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0"
      },
      {
        "model": "endpoint protection mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "message gateway for service providers patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5260"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.1.4"
      },
      {
        "model": "endpoint protection ru2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2010.25"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.6"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.12"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.1.4.32"
      },
      {
        "model": "message gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.5"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.1.1"
      },
      {
        "model": "endpoint protection for linux mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.11"
      },
      {
        "model": "endpoint protection mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.5"
      },
      {
        "model": "norton security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.0.19"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.7"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.10"
      },
      {
        "model": "email security server.cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.6.5.12"
      },
      {
        "model": "endpoint protection mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2"
      },
      {
        "model": "endpoint protection cloud for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.4100.4126"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.3"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1.1"
      },
      {
        "model": "data center security:server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5"
      },
      {
        "model": "norton security for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "13.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.4013"
      },
      {
        "model": "message gateway for service providers patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6259"
      },
      {
        "model": "endpoint protection mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.8"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2"
      },
      {
        "model": "message gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-4"
      },
      {
        "model": "message gateway for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.13"
      },
      {
        "model": "csapi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.4"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2020.56"
      },
      {
        "model": "protection engine hf03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.8"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.4.29"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.4.363"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.3"
      },
      {
        "model": "protection engine hf02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.0.5"
      },
      {
        "model": "endpoint protection ru7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.781.1287"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.3001.2224"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.8"
      },
      {
        "model": "endpoint protection ru7 mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection ru6 mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "web security .cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.9"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.12"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.5"
      },
      {
        "model": "endpoint protection small business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.9"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.8"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.1.2.28"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.0.5"
      },
      {
        "model": "data center security:server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.0"
      },
      {
        "model": "data center security:server 6.6mp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "advanced threat protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.2"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.0.024"
      },
      {
        "model": "endpoint protection ru7 mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection ru6-mp3(11.0.63",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.10.382"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4010.19"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.9"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.12"
      },
      {
        "model": "endpoint protection mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.6"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.1000"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.6"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7000"
      },
      {
        "model": "endpoint protection ru4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "protection engine hf01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.5"
      },
      {
        "model": "endpoint protection ru6 mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.3"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6000"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.47"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.10"
      },
      {
        "model": "endpoint protection cloud for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "endpoint protection mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.3001"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2001.10"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.8"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.1"
      },
      {
        "model": "endpoint protection ru5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.6.8.120"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.10"
      },
      {
        "model": "endpoint protection for linux mp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "data center security:server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2015.2015"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.3.25"
      },
      {
        "model": "message gateway for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.0.1"
      },
      {
        "model": "endpoint protection ru6 mp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.5"
      },
      {
        "model": "endpoint protection for mac mp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.11"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.8"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2000.1567"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6200.754"
      },
      {
        "model": "endpoint protection ru6mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection ru6 mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.4"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.1"
      },
      {
        "model": "endpoint protection ru6-mp1(11.0.61",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.325"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "data center security:server 6.5mp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.5.32"
      },
      {
        "model": "endpoint protection mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7100"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4010.26"
      },
      {
        "model": "data center security:server 6.0mp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.11"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.7.373"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6300"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4000"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6200"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.2"
      },
      {
        "model": "endpoint protection ru7-mp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "norton bootable removal tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2016.1"
      },
      {
        "model": "endpoint protection mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2"
      },
      {
        "model": "endpoint protection ru6-mp2(11.0.62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.0.1"
      },
      {
        "model": "protection engine hf02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.4"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.780.1109"
      },
      {
        "model": "csapi hf02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.4"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4202.75"
      },
      {
        "model": "endpoint protection mp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:advanced_threat_protection",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:csapi",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway_for_service_providers",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:data_center_security_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:email_security.cloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:endpoint_protection",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:endpoint_protection_cloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:endpoint_protection_for_small_business",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:mail_security_for_domino",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:mail_security_for_microsoft_exchange",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:protection_engine",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:protection_for_sharepoint_servers",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:web_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:web_security.cloud",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tavis Ormandy with Google's Project Zero",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-5310",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-5310",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-94129",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-5310",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-5310",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5310",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5310",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-397",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94129",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. The RAR file parser component of the AntiVirus Decomposer engine in multiple Symantec products contains a vulnerability that can lead to a denial of service (memory corruption). A remote attacker may cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. Multiple Symantec products are prone to a memory-corruption vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. 
Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed. The AntiVirus Decomposer engine is one of the anti-virus engines, and the RAR file parser is one of its compressed-file parsing components.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5310"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "BID",
        "id": "92866"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-94129",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5310",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92866",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40405",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036847",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036849",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036848",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036850",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-94129",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      },
      {
        "db": "BID",
        "id": "92866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "id": "VAR-201704-0124",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:38:36.066000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM16-015",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
      },
      {
        "title": "Multiple Symantec Product memory corruption vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64191"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92866"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/40405/"
      },
      {
        "trust": 1.7,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036847"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036848"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036849"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036850"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5310"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5310"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20160919_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      },
      {
        "db": "BID",
        "id": "92866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-94129"
      },
      {
        "db": "BID",
        "id": "92866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94129"
      },
      {
        "date": "2016-09-19T00:00:00",
        "db": "BID",
        "id": "92866"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "date": "2016-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      },
      {
        "date": "2017-04-14T18:59:00.563000",
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94129"
      },
      {
        "date": "2016-09-19T00:00:00",
        "db": "BID",
        "id": "92866"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      },
      {
        "date": "2021-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      },
      {
        "date": "2024-11-21T02:54:04.543000",
        "db": "NVD",
        "id": "CVE-2016-5310"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denial-of-service (DoS) vulnerabilities in the RAR file parser component of the AntiVirus Decomposer engine in multiple Symantec products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008463"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-397"
      }
    ],
    "trust": 0.6
  }
}

var-201704-0123
Vulnerability from variot

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. The RAR file parser component of the AntiVirus Decomposer engine in multiple Symantec products contains a vulnerability that can lead to a denial of service (out-of-bounds read). A remote attacker may cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. Multiple Symantec products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. 
The AntiVirus Decomposer engine is one of the anti-virus engines, and the RAR file parser is one of its compressed-file parsing components.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0123",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "7.0.4"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "7.5.5"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "8.1.2"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "8.1.3"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "7.5.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "7.0.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "7.0.2"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "7.5.2"
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "6.0.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.5.4"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "6.0.6"
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "6.0.7"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.5.4"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "7.5.3"
      },
      {
        "model": "advanced threat protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "symantec data center security server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "endpoint protection",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "12.1.4"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.3"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.8.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0.3"
      },
      {
        "model": "mail security for domino",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "8.0.9"
      },
      {
        "model": "endpoint protection for small business",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection for small business",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.2"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5"
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.0.3"
      },
      {
        "model": "endpoint protection",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "protection engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0"
      },
      {
        "model": "messaging gateway for service providers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.5.8"
      },
      {
        "model": "endpoint protection cloud",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection for sharepoint servers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.0.4"
      },
      {
        "model": "web security.cloud",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5.0"
      },
      {
        "model": "csapi",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.0.4"
      },
      {
        "model": "messaging gateway for service providers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "email security.cloud",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "7.0.5"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "8.0.9"
      },
      {
        "model": "advanced threat protection",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "csapi",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway for service providers",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "data center security:server",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "email security.cloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection cloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection small business edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for domino",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection engine",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "protection for sharepoint servers",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web security.cloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "endpoint protection ru6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "11.0.4000.2295"
      },
      {
        "model": "endpoint protection ru6a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.13"
      },
      {
        "model": "message gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "endpoint protection ru6mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.6.368"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "endpoint protection mp5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.7"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6100"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.1.9.37"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.4"
      },
      {
        "model": "endpoint protection for mac mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0"
      },
      {
        "model": "endpoint protection mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "message gateway for service providers patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5260"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.1.4"
      },
      {
        "model": "endpoint protection ru2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2010.25"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.6"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.12"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.1.4.32"
      },
      {
        "model": "message gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.5"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.1.1"
      },
      {
        "model": "endpoint protection for linux mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.11"
      },
      {
        "model": "endpoint protection mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.5"
      },
      {
        "model": "norton security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.0.19"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.7"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.10"
      },
      {
        "model": "email security server.cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.6.5.12"
      },
      {
        "model": "endpoint protection mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2"
      },
      {
        "model": "endpoint protection cloud for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.4100.4126"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.3"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1.1"
      },
      {
        "model": "data center security:server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5"
      },
      {
        "model": "norton security for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "13.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.4013"
      },
      {
        "model": "message gateway for service providers patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6259"
      },
      {
        "model": "endpoint protection mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.8"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2"
      },
      {
        "model": "message gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-4"
      },
      {
        "model": "message gateway for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.13"
      },
      {
        "model": "csapi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.4"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2020.56"
      },
      {
        "model": "protection engine hf03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.8"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.4.29"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.4.363"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.3"
      },
      {
        "model": "protection engine hf02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.0.5"
      },
      {
        "model": "endpoint protection ru7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.781.1287"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.3001.2224"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.8"
      },
      {
        "model": "endpoint protection ru7 mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection ru6 mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "web security .cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.9"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.12"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.5"
      },
      {
        "model": "endpoint protection small business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.9"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.8"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.1.2.28"
      },
      {
        "model": "data center security:server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.0"
      },
      {
        "model": "data center security:server 6.6mp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "advanced threat protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.2"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.0.024"
      },
      {
        "model": "endpoint protection ru7 mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection ru6-mp3(11.0.63",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.10.382"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4010.19"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.12"
      },
      {
        "model": "endpoint protection mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.6"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.1000"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.6"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7000"
      },
      {
        "model": "endpoint protection ru4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "protection engine hf01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.5"
      },
      {
        "model": "endpoint protection ru6 mp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.3"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6000"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.47"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.10"
      },
      {
        "model": "endpoint protection cloud for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      },
      {
        "model": "endpoint protection mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.3001"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2001.10"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.8"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.1"
      },
      {
        "model": "endpoint protection ru5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.6.8.120"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.10"
      },
      {
        "model": "endpoint protection for linux mp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "data center security:server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.2015.2015"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.3.25"
      },
      {
        "model": "message gateway for service providers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.0.1"
      },
      {
        "model": "endpoint protection ru6 mp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.5"
      },
      {
        "model": "endpoint protection for mac mp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.11"
      },
      {
        "model": "protection engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.8"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2000.1567"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6200.754"
      },
      {
        "model": "endpoint protection ru6mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection ru6 mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.4"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "4.1"
      },
      {
        "model": "endpoint protection ru6-mp1(11.0.61",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.325"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "data center security:server 6.5mp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.5.32"
      },
      {
        "model": "endpoint protection mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.1"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.7100"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4010.26"
      },
      {
        "model": "data center security:server 6.0mp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.11"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "5.0.7.373"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6300"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4000"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.6200"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.2"
      },
      {
        "model": "endpoint protection ru7-mp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "norton bootable removal tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2016.1"
      },
      {
        "model": "endpoint protection mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.2"
      },
      {
        "model": "endpoint protection ru6-mp2(11.0.62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.0.1"
      },
      {
        "model": "protection engine hf02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.4"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.780.1109"
      },
      {
        "model": "csapi hf02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.4"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0.4202.75"
      },
      {
        "model": "endpoint protection mp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "12.1.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:advanced_threat_protection",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:csapi",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway_for_service_providers",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:data_center_security_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:email_security.cloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:endpoint_protection",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:endpoint_protection_cloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:endpoint_protection_for_small_business",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:mail_security_for_domino",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:mail_security_for_microsoft_exchange",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:protection_engine",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:protection_for_sharepoint_servers",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:web_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:web_security.cloud",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tavis Ormandy with Google's Project Zero",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-5309",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-5309",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-94128",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-5309",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-5309",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5309",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5309",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-396",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94128",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. In multiple Symantec products, the RAR file parser component of the AntiVirus Decomposer engine contains a denial-of-service (out-of-bounds read) vulnerability. A remote attacker may cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. Multiple Symantec products are prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. AntiVirus Decomposer engine is one of the anti-virus engines. RAR file parser is one of the compressed file parsing components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "BID",
        "id": "92868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-94128",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5309",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92868",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40405",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036847",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036849",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036848",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036850",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-94128",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      },
      {
        "db": "BID",
        "id": "92868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "id": "VAR-201704-0123",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:38:36.029000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM16-015",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
      },
      {
        "title": "Multiple Symantec Product memory corruption vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64190"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92868"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/40405/"
      },
      {
        "trust": 1.7,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036847"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036848"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036849"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036850"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5309"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5309"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20160919_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      },
      {
        "db": "BID",
        "id": "92868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-94128"
      },
      {
        "db": "BID",
        "id": "92868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94128"
      },
      {
        "date": "2016-09-19T00:00:00",
        "db": "BID",
        "id": "92868"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "date": "2016-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      },
      {
        "date": "2017-04-14T18:59:00.500000",
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94128"
      },
      {
        "date": "2016-09-19T00:00:00",
        "db": "BID",
        "id": "92868"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      },
      {
        "date": "2021-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      },
      {
        "date": "2024-11-21T02:54:04.413000",
        "db": "NVD",
        "id": "CVE-2016-5309"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denial-of-service (DoS) vulnerability in the RAR file parser component of the AntiVirus Decomposer engine in multiple Symantec products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008464"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-396"
      }
    ],
    "trust": 0.6
  }
}

var-201912-1231
Vulnerability from variot

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. Symantec Messaging Gateway contains a server-side request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is a set of spam filters of Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A code issue vulnerability exists in Symantec Messaging Gateway prior to 10.7.3



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1231",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.7.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      }
    ]
  },
  "cve": "CVE-2019-18379",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-18379",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-150719",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-18379",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-18379",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18379",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18379",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-519",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-150719",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-18379",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-18379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. Symantec Messaging Gateway contains a server-side request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is a set of spam filters of Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A code issue vulnerability exists in Symantec Messaging Gateway prior to 10.7.3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-18379"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18379",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-150719",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-18379",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-18379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "id": "VAR-201912-1231",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150719"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:16:41.822000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA1501",
        "trust": 0.8,
        "url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
      },
      {
        "title": "Symantec Messaging Gateway Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105354"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-918",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.symantec.com/us/en/article.symsa1501.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18379"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18379"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/918.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172901"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-18379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-18379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "date": "2019-12-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-18379"
      },
      {
        "date": "2019-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "date": "2019-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      },
      {
        "date": "2019-12-11T16:15:11.747000",
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-150719"
      },
      {
        "date": "2019-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-18379"
      },
      {
        "date": "2019-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      },
      {
        "date": "2020-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      },
      {
        "date": "2024-11-21T04:33:10.007000",
        "db": "NVD",
        "id": "CVE-2019-18379"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Server-side request forgery vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012943"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-519"
      }
    ],
    "trust": 0.6
  }
}

var-201107-0115
Vulnerability from variot

Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. Autonomy KeyView IDOL contains multiple vulnerabilities in file decoding. Autonomy KeyView IDOL, provided by Autonomy, is a library that decodes more than 1000 file formats. It is used in applications such as IBM Lotus Notes, Lotus Domino, Symantec Mail Security, and Hyland OnBase. Autonomy KeyView IDOL contains multiple vulnerabilities in file decoding. Although the impact varies depending on the application, opening a specially crafted file may interrupt service operation (DoS) or allow an attacker to execute arbitrary code with the user's privileges. Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it. KeyView is a software package for exporting, converting and viewing files in various formats.

For more information: SA44820

SOLUTION: Do not open documents from untrusted sources.

For more information: SA44820

Successful exploitation requires the attachment content scanning option to be enabled.

SOLUTION: Disable the attachment content scanning option. ----------------------------------------------------------------------


For more information see vulnerability #6 in: SA44624

Please see the vendor's advisory for the list of affected products. ----------------------------------------------------------------------


TITLE: Autonomy KeyView File Processing Vulnerabilities

SECUNIA ADVISORY ID: SA44820

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44820

RELEASE DATE: 2011-06-08

DISCUSS ADVISORY: http://secunia.com/advisories/44820/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/44820/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=44820

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.

1) An error when processing Windows Write (WRI) files can be exploited to cause a stack-based buffer overflow.

2) Some errors when processing unspecified file formats can be exploited to corrupt memory. No further information is currently available.

The vulnerabilities are reported in versions prior to 10.13.1.

SOLUTION: Update to version 10.13.1.

PROVIDED AND/OR DISCOVERED BY: Will Dormann and Jared Allar, CERT/CC.

ORIGINAL ADVISORY: US-CERT (VU#126159): http://www.kb.cert.org/vuls/id/126159

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201107-0115",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "7.7"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "8.1.1"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "4.1.0"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "4.0.0"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "5.0"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10"
      },
      {
        "model": "mail security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.5"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.0"
      },
      {
        "model": "mail security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "6.0.0"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "data loss prevention",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.0"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.2"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.0"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "data loss prevention",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "7.1"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "mail security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "autonomy",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "emc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hyland",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "lotus",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "palisade",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "proofpoint",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trend micro",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "verdasys",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "websense",
        "version": null
      },
      {
        "model": "keyview idol",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "autonomy",
        "version": "10.13.1 earlier"
      },
      {
        "model": "brightmail gateway and symantec messaging gateway",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.x"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "11.x"
      },
      {
        "model": "data loss prevention enforce/detection servers",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "(linux) 10.x"
      },
      {
        "model": "data loss prevention enforce/detection servers",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "(linux) 11.x"
      },
      {
        "model": "data loss prevention enforce/detection servers",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "(windows) 10.x"
      },
      {
        "model": "data loss prevention enforce/detection servers",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "(windows) 11.x"
      },
      {
        "model": "mail security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "(domino) 7.5.x"
      },
      {
        "model": "mail security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "(domino) 8.x"
      },
      {
        "model": "mail security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "(exchange) 6.x"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.11"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.10"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.9"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.8"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.7"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.6"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.0.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.3"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.2"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.1"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.10"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.9"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.8"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.7"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.6"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.325"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.5.32"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.4.29"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.3.25"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.0.19"
      },
      {
        "model": "mail security for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1010.18007"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.187"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.101"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.10.9"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.3"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.6.2"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.10.38"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1010.18007"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.185"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.3"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.101"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.10.8"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.228"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.5.15"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1010.18007"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.185"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.3"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.101"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.10.8"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.238"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.5.15"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "brightmail gateway series appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "83000"
      },
      {
        "model": "brightmail gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "brightmail gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.2"
      },
      {
        "model": "brightmail gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.1"
      },
      {
        "model": "brightmail gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0"
      },
      {
        "model": "brightmail gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "brightmail and messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "host data loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "host data loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.6"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.4"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.3"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "lotus notes fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "lotus notes fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "lotus notes fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.6"
      },
      {
        "model": "lotus notes fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.5"
      },
      {
        "model": "lotus notes fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.5"
      },
      {
        "model": "lotus notes fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.2"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.4"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.3"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "9.2"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.9"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.8"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.5"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.12"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.11"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.10"
      },
      {
        "model": "keyview viewer sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10"
      },
      {
        "model": "keyview idol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.9"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.4"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.3"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "9.2"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.8"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.5"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.12"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.11"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.10"
      },
      {
        "model": "keyview filter sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.4"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.3"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "9.2"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.9"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.8"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.5"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.12"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.10"
      },
      {
        "model": "keyview export sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.5.5"
      },
      {
        "model": "mail security for microsoft exchange",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "6.0.12"
      },
      {
        "model": "mail security for domino",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0.8"
      },
      {
        "model": "mail security for domino",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.5.11"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1"
      },
      {
        "model": "data loss prevention endpoint agents",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.3"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1"
      },
      {
        "model": "data loss prevention detection servers for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.3"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "11.1"
      },
      {
        "model": "data loss prevention detection servers for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.3"
      },
      {
        "model": "keyview idol",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "autonomy",
        "version": "10.13.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "db": "BID",
        "id": "48013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:autonomy:autonomy_keyview_idol",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secunia",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "102365"
      },
      {
        "db": "PACKETSTORM",
        "id": "102187"
      },
      {
        "db": "PACKETSTORM",
        "id": "101914"
      },
      {
        "db": "PACKETSTORM",
        "id": "102081"
      },
      {
        "db": "PACKETSTORM",
        "id": "115865"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2011-0548",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-0548",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CARNEGIE MELLON",
            "availabilityImpact": "PARTIAL",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 9.0,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 7.4,
            "exploitability": "FUNCTIONAL",
            "exploitabilityScore": 8.6,
            "id": "VU#126159",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "NOT DEFINED",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-48493",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-0548",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#126159",
            "trust": 0.8,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-0548",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201106-004",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48493",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file.  NOTE: this may overlap CVE-2011-1217. Autonomy KeyView IDOL contains multiple vulnerabilities in file decoding. KeyView IDOL, provided by Autonomy, is a library that decodes more than 1000 file formats. It is used in applications such as IBM Lotus Notes, Lotus Domino, Symantec Mail Security, and Hyland OnBase. Autonomy KeyView IDOL contains multiple vulnerabilities in file decoding. Although the impact will vary depending on the application, opening a specially crafted file may disrupt service operation (DoS) or allow an attacker to execute arbitrary code with user privileges. Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. \nAn attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Failed exploit attempts will result in a denial-of-service condition. \nNOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it. KeyView is a software package for exporting, converting and viewing files in various formats. \n\nFor more information:\nSA44820\n\nSOLUTION:\nDo not open documents from untrusted sources. \n\nFor more information:\nSA44820\n\nSuccessful exploitation requires the attachment content scanning\noption to be enabled. \n\nSOLUTION:\nDisable the attachment content scanning option. 
----------------------------------------------------------------------\n\n\nAlerts when vulnerabilities pose a threat to your infrastructure\nThe enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies. \n\nFor more information see vulnerability #6 in:\nSA44624\n\nPlease see the vendor\u0027s advisory for the list for affected products. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAutonomy KeyView File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44820\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44820/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44820\n\nRELEASE DATE:\n2011-06-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44820/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44820/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44820\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * 
AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Autonomy KeyView,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\n1) An error when processing Windows Write (WRI) files can be\nexploited to cause a stack-based buffer overflow. \n\n2) Some errors when processing unspecified file formats can be\nexploited to corrupt memory. No further information is currently\navailable. \n\nThe vulnerabilities are reported in versions prior to 10.13.1. \n\nSOLUTION:\nUpdate to version 10.13.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann and Jared Allar, CERT/CC. \n\nORIGINAL ADVISORY:\nUS-CERT (VU#126159):\nhttp://www.kb.cert.org/vuls/id/126159\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0548"
      },
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "db": "BID",
        "id": "48013"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "db": "PACKETSTORM",
        "id": "102365"
      },
      {
        "db": "PACKETSTORM",
        "id": "102187"
      },
      {
        "db": "PACKETSTORM",
        "id": "101914"
      },
      {
        "db": "PACKETSTORM",
        "id": "102081"
      },
      {
        "db": "PACKETSTORM",
        "id": "115865"
      }
    ],
    "trust": 3.87
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.kb.cert.org/vuls/id/126159",
        "trust": 0.8,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-0548",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "44779",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1025596",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1025594",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1025595",
        "trust": 2.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#126159",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "48013",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004",
        "trust": 0.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10024",
        "trust": 0.4
      },
      {
        "db": "SECUNIA",
        "id": "50399",
        "trust": 0.3
      },
      {
        "db": "SECUNIA",
        "id": "44877",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "44878",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "44820",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-48493",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102365",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102187",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "101914",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115865",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "db": "BID",
        "id": "48013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "db": "PACKETSTORM",
        "id": "102365"
      },
      {
        "db": "PACKETSTORM",
        "id": "102187"
      },
      {
        "db": "PACKETSTORM",
        "id": "101914"
      },
      {
        "db": "PACKETSTORM",
        "id": "102081"
      },
      {
        "db": "PACKETSTORM",
        "id": "115865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "id": "VAR-201107-0115",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48493"
      }
    ],
    "trust": 0.6
  },
  "last_update_date": "2024-11-23T19:38:15.704000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "KeyView IDOL \u0026 Connectors",
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/Products/idol-modules-connectors/index.en.html"
      },
      {
        "title": "Information Connectivity",
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/Technology/idol-functionality-information-connectivity/index.en.html"
      },
      {
        "title": "Autonomy Support Site",
        "trust": 0.8,
        "url": "https://customers.autonomy.com/"
      },
      {
        "title": "SYM11-007",
        "trust": 0.8,
        "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
      },
      {
        "title": "SYM11-007",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1025594"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1025595"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1025596"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/44779"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/126159"
      },
      {
        "trust": 1.0,
        "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
      },
      {
        "trust": 1.0,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
      },
      {
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
      },
      {
        "trust": 0.8,
        "url": "https://customers.autonomy.com"
      },
      {
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026suid=20111006_00"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu126159"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0548"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0548"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/48013"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.4,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10024"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/software/lotus/products/notes/"
      },
      {
        "trust": 0.3,
        "url": "http://www.autonomy.com/content/products/keyview/index.en.html"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21500034"
      },
      {
        "trust": 0.3,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=913"
      },
      {
        "trust": 0.3,
        "url": "http://conference.first.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2011\u0026amp;suid=20110531_00"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44877/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44877/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44877"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44878"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44878/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44878/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44779"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44779/"
      },
      {
        "trust": 0.1,
        "url": "http://www.youtube.com/user/secunia#p/a/u/0/m1y9sjqr2sy"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44779/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44820/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44820/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44820"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50399/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50399"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/csi6beta"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50399/#comments"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "db": "BID",
        "id": "48013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "db": "PACKETSTORM",
        "id": "102365"
      },
      {
        "db": "PACKETSTORM",
        "id": "102187"
      },
      {
        "db": "PACKETSTORM",
        "id": "101914"
      },
      {
        "db": "PACKETSTORM",
        "id": "102081"
      },
      {
        "db": "PACKETSTORM",
        "id": "115865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "db": "BID",
        "id": "48013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "db": "PACKETSTORM",
        "id": "102365"
      },
      {
        "db": "PACKETSTORM",
        "id": "102187"
      },
      {
        "db": "PACKETSTORM",
        "id": "101914"
      },
      {
        "db": "PACKETSTORM",
        "id": "102081"
      },
      {
        "db": "PACKETSTORM",
        "id": "115865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-06-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "date": "2011-07-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "date": "2011-05-24T00:00:00",
        "db": "BID",
        "id": "48013"
      },
      {
        "date": "2011-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "date": "2011-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "date": "2011-06-17T04:44:22",
        "db": "PACKETSTORM",
        "id": "102365"
      },
      {
        "date": "2011-06-12T08:47:41",
        "db": "PACKETSTORM",
        "id": "102187"
      },
      {
        "date": "2011-06-01T04:21:47",
        "db": "PACKETSTORM",
        "id": "101914"
      },
      {
        "date": "2011-06-08T02:09:27",
        "db": "PACKETSTORM",
        "id": "102081"
      },
      {
        "date": "2012-08-24T05:43:31",
        "db": "PACKETSTORM",
        "id": "115865"
      },
      {
        "date": "2011-06-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      },
      {
        "date": "2011-07-18T22:55:00.860000",
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#126159"
      },
      {
        "date": "2013-02-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48493"
      },
      {
        "date": "2015-03-19T08:17:00",
        "db": "BID",
        "id": "48013"
      },
      {
        "date": "2011-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001718"
      },
      {
        "date": "2011-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001933"
      },
      {
        "date": "2011-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      },
      {
        "date": "2024-11-21T01:24:16.130000",
        "db": "NVD",
        "id": "CVE-2011-0548"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126159"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-004"
      }
    ],
    "trust": 0.6
  }
}

var-201912-1229
Vulnerability from variot

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway contains a privilege management vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is a spam-filtering product from Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A security vulnerability exists in Symantec Messaging Gateway prior to 10.7.3. A remote attacker could exploit this vulnerability to elevate privileges. The CVSS vectors in the record below (Au:S in v2, PR:H in v3) indicate that exploitation requires an already-authenticated account, which NVD rates as high-privileged.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1229",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.7.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      }
    ]
  },
  "cve": "CVE-2019-18377",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-18377",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-150717",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2019-18377",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-18377",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18377",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18377",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-516",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-150717",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is a set of spam filters of Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A security vulnerability exists in Symantec Messaging Gateway prior to 10.7.3. A remote attacker could exploit this vulnerability to elevate privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "VULHUB",
        "id": "VHN-150717"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18377",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04080",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-150717",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "id": "VAR-201912-1229",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150717"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:29:49.375000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA1501",
        "trust": 0.8,
        "url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
      },
      {
        "title": "Symantec Messaging Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105351"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-269",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.symantec.com/us/en/article.symsa1501.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18377"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18377"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-150717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-150717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-150717"
      },
      {
        "date": "2019-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "date": "2019-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      },
      {
        "date": "2019-12-11T16:15:11.540000",
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-150717"
      },
      {
        "date": "2019-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      },
      {
        "date": "2024-11-21T04:33:09.820000",
        "db": "NVD",
        "id": "CVE-2019-18377"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerability in Permission Management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012941"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-516"
      }
    ],
    "trust": 0.6
  }
}

var-201208-0498
Vulnerability from variot

Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. A security vulnerability exists in the Symantec Messaging Gateway application. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec.

----------------------------------------------------------------------

The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta

TITLE: Symantec Messaging Gateway Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA50435

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

RELEASE DATE: 2012-08-28

DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/50435/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.

1) Certain input passed via web or email content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page.

3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application.

The vulnerabilities are reported in versions 9.5.x and prior.

SOLUTION: Upgrade to version 10.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure.

ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0498",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "9.5.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "db": "BID",
        "id": "55142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Williams with NGS Secure",
    "sources": [
      {
        "db": "BID",
        "id": "55142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2012-3581",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2012-3581",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-56862",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-3581",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-3581",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-554",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-56862",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. A security vulnerability exists in the Symantec Messaging Gateway application. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------\n\nThe new Secunia CSI 6.0 is now available in beta!\nSeamless integration with your existing security solutions Sign-up to \nbecome a Beta tester: http://secunia.com/csi6beta\n\n----------------------------------------------------------------------\n\nTITLE:\nSymantec Messaging Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50435\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50435/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nRELEASE DATE:\n2012-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50435/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50435/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and multiple vulnerabilities have been reported in\nSymantec Messaging Gateway, which can be exploited by malicious users\nto bypass certain security restrictions and by malicious people to\ndisclose certain sensitive information and conduct cross-site\nscripting and request forgery attacks. \n\n1) Certain input passed via web or email content is not properly\nsanitised before being returned to the user. This can be exploited to\nexecute arbitrary HTML and script code in a user\u0027s browser session. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to e.g. gain administrative access\nwhen a logged-in administrative user visits a specially crafted web\npage. \n\n3) An error within the management interface can be exploited to\nperform otherwise restricted actions and e.g. modify the underlying\nweb application. \n\nThe vulnerabilities are reported in versions 9.5.x and prior. \n\nSOLUTION:\nUpgrade to version 10. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Williams, NGS Secure. 
\n\nORIGINAL ADVISORY:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "db": "BID",
        "id": "55142"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-3581",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "55142",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "50435",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "20471",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-56862",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115966",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "db": "BID",
        "id": "55142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "id": "VAR-201208-0498",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56862"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:23:22.685000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20120827_00"
      },
      {
        "title": "Patch for Symantec Messaging Gateway Information Disclosure Vulnerability (CNVD-2012-4495)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/20816"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/55142"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3581"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3581"
      },
      {
        "trust": 0.6,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisoryhttp"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/50435"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/20471"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2012\u0026amp;suid=20120827_00"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/csi6beta"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "db": "BID",
        "id": "55142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "db": "BID",
        "id": "55142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55142"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "date": "2012-08-28T06:01:36",
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      },
      {
        "date": "2012-08-29T10:56:40.223000",
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4495"
      },
      {
        "date": "2013-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56862"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55142"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      },
      {
        "date": "2024-11-21T01:41:11.233000",
        "db": "NVD",
        "id": "CVE-2012-3581"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003971"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-554"
      }
    ],
    "trust": 0.6
  }
}

var-201706-0551
Vulnerability from variot

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, a type of vulnerability most commonly found in web applications that rely on a scripting run time. The issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. Symantec Messaging Gateway contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible. Versions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0551",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mehmet Dursun Ince",
    "sources": [
      {
        "db": "BID",
        "id": "98890"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6325",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2017-6325",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-114528",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.7,
            "id": "CVE-2017-6325",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6325",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6325",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-871",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114528",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6325",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. Symantec Messaging Gateway Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible. \nVersions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "db": "BID",
        "id": "98890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6325"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6325",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "98890",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1038785",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114528",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6325",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6325"
      },
      {
        "db": "BID",
        "id": "98890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "id": "VAR-201706-0551",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114528"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:12:59.831000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM17-004",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00#_Symantec_Messaging_Gateway_3"
      },
      {
        "title": "Symantec Security Advisories: Symantec Messaging Gateway Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=87a01cb99de9de36ac7e7d7b134aa96d"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170621_00"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/98890"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1038785"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6325"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6325"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.3,
        "url": "https://www.symantec.com/products/messaging-security/messaging-gateway"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20170621_00"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/94.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=54310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6325"
      },
      {
        "db": "BID",
        "id": "98890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6325"
      },
      {
        "db": "BID",
        "id": "98890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "date": "2017-06-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6325"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98890"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      },
      {
        "date": "2017-06-26T21:29:00.237000",
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114528"
      },
      {
        "date": "2017-07-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6325"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "98890"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      },
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      },
      {
        "date": "2024-11-21T03:29:33.960000",
        "db": "NVD",
        "id": "CVE-2017-6325"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Code injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005272"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-871"
      }
    ],
    "trust": 0.6
  }
}

var-201712-0243
Vulnerability from variot

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration files and critical system files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Symantec Messaging Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the export servlet. When parsing the snmpFileName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web service. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.6.4"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": null,
        "trust": 0.7,
        "vendor": "symantec",
        "version": null
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.5.0"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-7"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-3"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.4"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-1009"
      },
      {
        "db": "BID",
        "id": "102096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15532"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-1009"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2017-15532",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "CVE-2017-15532",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-15532",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "VHN-106364",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "id": "CVE-2017-15532",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-15532",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-15532",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-15532",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-765",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-106364",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-1009"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15532"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Symantec Messaging Gateway. Authentication is required to exploit this vulnerability.The specific flaw exists within the export servlet.  When parsing the snmpFileName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web service. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-15532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-1009"
      },
      {
        "db": "BID",
        "id": "102096"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106364"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-15532",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "102096",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4755",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-17-1009",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-106364",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-1009"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106364"
      },
      {
        "db": "BID",
        "id": "102096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15532"
      }
    ]
  },
  "id": "VAR-201712-0243",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-106364"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:08:52.883000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "SYM17-016",
        "trust": 1.5,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
      },
      {
        "title": "Symantec Messaging Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77257"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-1009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-106364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15532"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/102096"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15532"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15532"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20171220_00"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-17-1009"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106364"
      },
      {
        "db": "BID",
        "id": "102096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15532"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-17-1009",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-106364",
        "ident": null
      },
      {
        "db": "BID",
        "id": "102096",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15532",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-1009",
        "ident": null
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-106364",
        "ident": null
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "BID",
        "id": "102096",
        "ident": null
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011612",
        "ident": null
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-765",
        "ident": null
      },
      {
        "date": "2017-12-20T18:29:00.950000",
        "db": "NVD",
        "id": "CVE-2017-15532",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-17-1009",
        "ident": null
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-106364",
        "ident": null
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "BID",
        "id": "102096",
        "ident": null
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011612",
        "ident": null
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-765",
        "ident": null
      },
      {
        "date": "2024-11-21T03:14:43.943000",
        "db": "NVD",
        "id": "CVE-2017-15532",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Symantec Messaging Gateway Path traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011612"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-765"
      }
    ],
    "trust": 0.6
  }
}

var-201809-0139
Vulnerability from variot

Symantec Messaging Gateway versions prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit (CVE-2018-12243), a type of issue in which XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Versions prior to Messaging Gateway 10.6.6 are vulnerable; the record below classifies the weakness as CWE-611 and lists the vendor advisory SYMSA1461 as the patch reference. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0139",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.6.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "10.5.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-267"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Artem Kondratenko, Arseny Sharoglazov, Alexey Osipov from Kaspersky Lab Security Services @kl_secservices",
    "sources": [
      {
        "db": "BID",
        "id": "105330"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-12243",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2018-12243",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-122183",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-12243",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-12243",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-12243",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-888",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122183",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. \nAttackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. \nVersions prior to Messaging Gateway 10.6.6 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "BID",
        "id": "105330"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122183"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12243",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "105330",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-122183",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122183"
      },
      {
        "db": "BID",
        "id": "105330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "id": "VAR-201809-0139",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122183"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:21:56.446000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA1461",
        "trust": 0.8,
        "url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
      },
      {
        "title": "Symantec Messaging Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85007"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.symantec.com/en_us/article.symsa1461.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/105330"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12243"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12243"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122183"
      },
      {
        "db": "BID",
        "id": "105330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122183"
      },
      {
        "db": "BID",
        "id": "105330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122183"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "BID",
        "id": "105330"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "date": "2018-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      },
      {
        "date": "2018-09-19T15:29:19.217000",
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122183"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "BID",
        "id": "105330"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      },
      {
        "date": "2018-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      },
      {
        "date": "2024-11-21T03:44:50.910000",
        "db": "NVD",
        "id": "CVE-2018-12243"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway In  XML External entity vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011521"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-888"
      }
    ],
    "trust": 0.6
  }
}

var-201704-0125
Vulnerability from variot

Directory traversal vulnerability (CVE-2016-5312) in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. Symantec Messaging Gateway is prone to a directory-traversal vulnerability. An attacker can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. Charting is the product's charting component.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0125",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rio Sherri (S\u0026T Albania).",
    "sources": [
      {
        "db": "BID",
        "id": "93148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-5312",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2016-5312",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-94131",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-5312",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5312",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5312",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-609",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94131",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. Symantec Messaging Gateway is prone to a directory-traversal vulnerability. \nAn attacker can use specially crafted requests with directory-traversal sequences (\u0027../\u0027) to read arbitrary files in the context of the application. This may aid in further attacks. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. Charting is one of its components.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "BID",
        "id": "93148"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-94131",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5312",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93148",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036908",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "138891",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40437",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-94131",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      },
      {
        "db": "BID",
        "id": "93148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "id": "VAR-201704-0125",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:30:49.667000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM16-016",
        "trust": 0.8,
        "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160927_00"
      },
      {
        "title": "Symantec Messaging Gateway Fixes for directory traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64388"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160927_00"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93148"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/40437/"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2016/sep/71"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/138891/symantec-messaging-gateway-10.6.1-directory-traversal.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036908"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5312"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5312"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20160927_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      },
      {
        "db": "BID",
        "id": "93148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-94131"
      },
      {
        "db": "BID",
        "id": "93148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94131"
      },
      {
        "date": "2016-09-27T00:00:00",
        "db": "BID",
        "id": "93148"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "date": "2016-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      },
      {
        "date": "2017-04-14T18:59:00.640000",
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94131"
      },
      {
        "date": "2016-09-28T00:02:00",
        "db": "BID",
        "id": "93148"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      },
      {
        "date": "2024-11-21T02:54:04.780000",
        "db": "NVD",
        "id": "CVE-2016-5312"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in the charting component of Symantec Messaging Gateway",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008434"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-609"
      }
    ],
    "trust": 0.6
  }
}

var-202212-1018
Vulnerability from variot

An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). Symantec Messaging Gateway contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1018",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.8"
      },
      {
        "model": "symantec messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30de\u30f3\u30c6\u30c3\u30af",
        "version": null
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30de\u30f3\u30c6\u30c3\u30af",
        "version": "10.8"
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30de\u30f3\u30c6\u30c3\u30af",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "cve": "CVE-2022-25629",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2022-25629",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-25629",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-25629",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-25629",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202212-2773",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). Symantec Messaging Gateway contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "db": "VULHUB",
        "id": "VHN-416449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25629"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-25629",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-416449",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "id": "VAR-202212-1018",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416449"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T13:52:53.073000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Broadcom Symantec Messaging Gateway Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=217193"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/securityadvisories/0/21115"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25629"
      },
      {
        "trust": 0.7,
        "url": "https://support.broadcom.com/external/content/securityadvisories/0/21115"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-25629/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-416449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416449"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-25629"
      },
      {
        "date": "2023-11-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      },
      {
        "date": "2022-12-09T18:15:18.017000",
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416449"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-25629"
      },
      {
        "date": "2023-11-17T08:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      },
      {
        "date": "2023-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      },
      {
        "date": "2023-03-01T18:20:14.680000",
        "db": "NVD",
        "id": "CVE-2022-25629"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting vulnerability in Symantec Messaging Gateway",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022592"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2773"
      }
    ],
    "trust": 0.6
  }
}

var-201208-0524
Vulnerability from variot

Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. An attacker can build a malicious URI, entice an administrator to open it, and thereby perform malicious actions in the context of the target user. Other attacks are also possible. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------


TITLE: Symantec Messaging Gateway Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA50435

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

RELEASE DATE: 2012-08-28

DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments


DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.

1) Certain input passed via web or email content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page.

3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application.

4) The weakness is caused due to the application disclosing detailed component version information.

The vulnerabilities are reported in versions 9.5.x and prior.

SOLUTION: Upgrade to version 10.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure.

ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0524",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "9.5.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "db": "BID",
        "id": "55137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Williams",
    "sources": [
      {
        "db": "BID",
        "id": "55137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2012-0308",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2012-0308",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-53589",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-0308",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-0308",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-557",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53589",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. Allows an attacker to build a malicious URI, entice an administrator to resolve, and perform malicious actions in the target user context. Other attacks are also possible. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------\n\nThe new Secunia CSI 6.0 is now available in beta!\nSeamless integration with your existing security solutions Sign-up to \nbecome a Beta tester: http://secunia.com/csi6beta\n\n----------------------------------------------------------------------\n\nTITLE:\nSymantec Messaging Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50435\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50435/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nRELEASE DATE:\n2012-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50435/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50435/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and multiple vulnerabilities have been reported in\nSymantec Messaging Gateway, which can be exploited by malicious users\nto bypass certain security restrictions and by malicious people to\ndisclose certain sensitive information and conduct cross-site\nscripting and request forgery attacks. \n\n1) Certain input passed via web or email content is not properly\nsanitised before being returned to the user. This can be exploited to\nexecute arbitrary HTML and script code in a user\u0027s browser session. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to e.g. gain administrative access\nwhen a logged-in administrative user visits a specially crafted web\npage. \n\n3) An error within the management interface can be exploited to\nperform otherwise restricted actions and e.g. modify the underlying\nweb application. \n\n4) The weakness is caused due to the application disclosing detailed\ncomponent version information. \n\nThe vulnerabilities are reported in versions 9.5.x and prior. \n\nSOLUTION:\nUpgrade to version 10. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Williams, NGS Secure. 
\n\nORIGINAL ADVISORY:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "db": "BID",
        "id": "55137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-53589",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0308",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "55137",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "50435",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "20474",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "23109",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-76887",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-53589",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115966",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "db": "BID",
        "id": "55137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "id": "VAR-201208-0524",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:23:22.727000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20120827_00"
      },
      {
        "title": "Patch for Symantec Messaging Gateway Cross-Site Request Forgery Vulnerability (CNVD-2012-4493)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/20814"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/55137"
      },
      {
        "trust": 1.7,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0308"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0308"
      },
      {
        "trust": 0.6,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisoryhttp"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/50435"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/20474"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2012\u0026amp;suid=20120827_00"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/csi6beta"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "db": "BID",
        "id": "55137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55137"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "date": "2012-08-28T06:01:36",
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      },
      {
        "date": "2012-08-29T10:56:39.270000",
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4493"
      },
      {
        "date": "2013-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53589"
      },
      {
        "date": "2012-12-03T07:40:00",
        "db": "BID",
        "id": "55137"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      },
      {
        "date": "2024-11-21T01:34:46.260000",
        "db": "NVD",
        "id": "CVE-2012-0308"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003968"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-557"
      }
    ],
    "trust": 0.6
  }
}

var-201208-0496
Vulnerability from variot

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. The vulnerability allows non-privileged users to gain privileged access to the application. Successful attacks can allow an attacker to obtain sensitive information, bypass certain security restrictions, and perform unauthorized administrative actions. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. The Secunia advisory reproduced below (SA50435) is a combined advisory for several Symantec Messaging Gateway issues; its numbered items do not name the default-password issue explicitly.


TITLE: Symantec Messaging Gateway Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA50435

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

RELEASE DATE: 2012-08-28

DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/50435/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.

1) Certain input passed via web or email content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page.

3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application.

4) The weakness is caused due to the application disclosing detailed component version information.

The vulnerabilities are reported in versions 9.5.x and prior.

SOLUTION: Upgrade to version 10.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure.

ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0496",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "9.5.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "BID",
        "id": "55143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Florian Lukavsky with SEC Consulting",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2012-3579",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.5,
            "id": "CVE-2012-3579",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.5,
            "id": "VHN-56860",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-3579",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-3579",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-553",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-56860",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. Allows non-privileged users to exploit this vulnerability to gain privileged access to the application. Successful attacks can allow an attacker to obtain  sensitive information, bypass certain security restrictions, and perform  unauthorized administrative actions. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------\n\nThe new Secunia CSI 6.0 is now available in beta!\nSeamless integration with your existing security solutions Sign-up to \nbecome a Beta tester: http://secunia.com/csi6beta\n\n----------------------------------------------------------------------\n\nTITLE:\nSymantec Messaging Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50435\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50435/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nRELEASE DATE:\n2012-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50435/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50435/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * 
CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and multiple vulnerabilities have been reported in\nSymantec Messaging Gateway, which can be exploited by malicious users\nto bypass certain security restrictions and by malicious people to\ndisclose certain sensitive information and conduct cross-site\nscripting and request forgery attacks. \n\n1) Certain input passed via web or email content is not properly\nsanitised before being returned to the user. This can be exploited to\nexecute arbitrary HTML and script code in a user\u0027s browser session. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to e.g. gain administrative access\nwhen a logged-in administrative user visits a specially crafted web\npage. \n\n3) An error within the management interface can be exploited to\nperform otherwise restricted actions and e.g. modify the underlying\nweb application. \n\n4) The weakness is caused due to the application disclosing detailed\ncomponent version information. \n\nThe vulnerabilities are reported in versions 9.5.x and prior. \n\nSOLUTION:\nUpgrade to version 10. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Williams, NGS Secure. 
\n\nORIGINAL ADVISORY:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "BID",
        "id": "55143"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-56860",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-3579",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "55143",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "116277",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "50435",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "20470",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-74975",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "21136",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-56860",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115966",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "db": "BID",
        "id": "55143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "id": "VAR-201208-0496",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:23:22.861000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20120827_00"
      },
      {
        "title": "Symantec Messaging Gateway SSH default password security bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/20831"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/55143"
      },
      {
        "trust": 1.7,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/116277/symantec-messaging-gateway-9.5-default-ssh-password.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78034"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3579"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3579"
      },
      {
        "trust": 0.6,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisoryhttp"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/50435"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/20470"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2012\u0026amp;suid=20120827_00"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/csi6beta"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "db": "BID",
        "id": "55143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55143"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "date": "2012-08-28T06:01:36",
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      },
      {
        "date": "2012-08-29T10:56:40.143000",
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56860"
      },
      {
        "date": "2012-09-07T11:10:00",
        "db": "BID",
        "id": "55143"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003969"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      },
      {
        "date": "2024-11-21T01:41:10.963000",
        "db": "NVD",
        "id": "CVE-2012-3579"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway SSH default password security bypass vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4498"
      },
      {
        "db": "BID",
        "id": "55143"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      }
    ],
    "trust": 1.5
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-553"
      }
    ],
    "trust": 0.6
  }
}

var-201404-0405
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials, hijack the browser session, and launch other attacks. Symantec Messaging Gateway versions 10.0.0 up to, but not including, 10.5.2 are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0405",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.5.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.x"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "William Costa",
    "sources": [
      {
        "db": "BID",
        "id": "66966"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1648",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-1648",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-69587",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1648",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1648",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-473",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69587",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials, hijack the browser session, and launch other attacks. \nSymantec Messaging Gateway 10.0.0 through versions prior to 10.5.2 are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "db": "BID",
        "id": "66966"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-69587",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1648",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "66966",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1030136",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "58047",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20140422 (CVE-2014-1648) SYMANTEC MESSAGING GATEWAY MANAGEMENT CONSOLE CROSS SITE SCRIPTING VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "126264",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-69587",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      },
      {
        "db": "BID",
        "id": "66966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "id": "VAR-201404-0405",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:27:20.619000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM14-006",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140422_00"
      },
      {
        "title": "SYM14-006",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140422_00"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/66966"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2014/apr/256"
      },
      {
        "trust": 1.6,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140422_00"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030136"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1648"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1648"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/58047"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20140422_00"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-69587"
      },
      {
        "db": "BID",
        "id": "66966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69587"
      },
      {
        "date": "2014-04-22T00:00:00",
        "db": "BID",
        "id": "66966"
      },
      {
        "date": "2014-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "date": "2014-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      },
      {
        "date": "2014-04-23T11:52:59.587000",
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69587"
      },
      {
        "date": "2014-04-22T00:00:00",
        "db": "BID",
        "id": "66966"
      },
      {
        "date": "2014-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      },
      {
        "date": "2014-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      },
      {
        "date": "2024-11-21T02:04:46.580000",
        "db": "NVD",
        "id": "CVE-2014-1648"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Management console cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002227"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-473"
      }
    ],
    "trust": 0.6
  }
}

var-201208-0497
Vulnerability from variot

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus-protection hardware appliance that provides accurate and effective anti-spam protection. Symantec Messaging Gateway is prone to a security-bypass vulnerability. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec.

The remainder of this description is the text of Secunia advisory SA50435, which reports several Symantec Messaging Gateway issues together; item 3 of that advisory appears to be the management-interface issue described above.


TITLE: Symantec Messaging Gateway Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA50435

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

RELEASE DATE: 2012-08-28

DISCUSS ADVISORY: http://secunia.com/advisories/50435/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/50435/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=50435

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Symantec Messaging Gateway, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting and request forgery attacks.

1) Certain input passed via web or email content is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. gain administrative access when a logged-in administrative user visits a specially crafted web page.

3) An error within the management interface can be exploited to perform otherwise restricted actions and e.g. modify the underlying web application.

4) The weakness is caused by the application disclosing detailed component version information.

The vulnerabilities are reported in versions 9.5.x and prior.

SOLUTION: Upgrade to version 10.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Williams, NGS Secure.

ORIGINAL ADVISORY: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0497",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "9.5.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "db": "BID",
        "id": "55141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Williams",
    "sources": [
      {
        "db": "BID",
        "id": "55141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2012-3580",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "CVE-2012-3580",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "VHN-56861",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-3580",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-3580",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-555",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-56861",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56861"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. Symantec Messaging Gateway is prone to a security-bypass vulnerability. \nSymantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------\n\nThe new Secunia CSI 6.0 is now available in beta!\nSeamless integration with your existing security solutions Sign-up to \nbecome a Beta tester: http://secunia.com/csi6beta\n\n----------------------------------------------------------------------\n\nTITLE:\nSymantec Messaging Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50435\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50435/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nRELEASE DATE:\n2012-08-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50435/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50435/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and multiple vulnerabilities have been reported in\nSymantec Messaging Gateway, which can be exploited by malicious users\nto bypass certain security restrictions and by malicious people to\ndisclose certain sensitive information and conduct cross-site\nscripting and request forgery attacks. \n\n1) Certain input passed via web or email content is not properly\nsanitised before being returned to the user. This can be exploited to\nexecute arbitrary HTML and script code in a user\u0027s browser session. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to e.g. gain administrative access\nwhen a logged-in administrative user visits a specially crafted web\npage. \n\n3) An error within the management interface can be exploited to\nperform otherwise restricted actions and e.g. modify the underlying\nweb application. \n\n4) The weakness is caused due to the application disclosing detailed\ncomponent version information. \n\nThe vulnerabilities are reported in versions 9.5.x and prior. \n\nSOLUTION:\nUpgrade to version 10. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Ben Williams, NGS Secure. 
\n\nORIGINAL ADVISORY:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3580"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "db": "BID",
        "id": "55141"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56861"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-3580",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "55141",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "50435",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "20472",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-56861",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115966",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56861"
      },
      {
        "db": "BID",
        "id": "55141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "id": "VAR-201208-0497",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56861"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:23:22.821000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "title": "SYM12-013",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20120827_00"
      },
      {
        "title": "Patch for Symantec Messaging Gateway Security Bypass Vulnerability (CNVD-2012-4494)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/20815"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2012\u0026suid=20120827_00"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/55141"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78032"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3580"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3580"
      },
      {
        "trust": 0.6,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisoryhttp"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/50435"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/20472"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2012\u0026amp;suid=20120827_00"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50435"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/csi6beta"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/50435/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56861"
      },
      {
        "db": "BID",
        "id": "55141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56861"
      },
      {
        "db": "BID",
        "id": "55141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56861"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55141"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "date": "2012-08-28T06:01:36",
        "db": "PACKETSTORM",
        "id": "115966"
      },
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      },
      {
        "date": "2012-08-29T10:56:40.190000",
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-08-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-4494"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56861"
      },
      {
        "date": "2012-08-27T00:00:00",
        "db": "BID",
        "id": "55141"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      },
      {
        "date": "2012-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      },
      {
        "date": "2024-11-21T01:41:11.100000",
        "db": "NVD",
        "id": "CVE-2012-3580"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway In  Web Application modification vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003970"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-555"
      }
    ],
    "trust": 0.6
  }
}

var-201910-0323
Vulnerability from variot

Symantec Messaging Gateway (prior to 10.7.0) may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. This vulnerability stems from configuration errors in network systems or products during operation. The record below tracks this issue as CVE-2019-9699; its NVD CVSS 3.1 vector (AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) describes an adjacent-network attacker who already holds high privileges, with impact limited to confidentiality.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0323",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "messaging gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.7.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-267"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Muhammad Nafees",
    "sources": [
      {
        "db": "BID",
        "id": "108303"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-9699",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "CVE-2019-9699",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "VHN-161134",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "id": "CVE-2019-9699",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-9699",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-9699",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-9699",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-709",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-161134",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. \nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. This vulnerability stems from configuration errors in network systems or products during operation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9699"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "BID",
        "id": "108303"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161134"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9699",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108303",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1784",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-161134",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161134"
      },
      {
        "db": "BID",
        "id": "108303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "id": "VAR-201910-0323",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161134"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:55:26.099000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA1482",
        "trust": 0.8,
        "url": "https://support.symantec.com/us/en/article.symsa1482.html"
      },
      {
        "title": "Symantec Messaging Gateway Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92846"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.symantec.com/en_us/article.symsa1482.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9699"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/108303"
      },
      {
        "trust": 0.9,
        "url": "http://www.symantec.com/messaging-gateway"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9699"
      },
      {
        "trust": 0.6,
        "url": "http://support.symantec.com/content/unifiedweb/en_us/article.symsa1482.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/81222"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1784/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161134"
      },
      {
        "db": "BID",
        "id": "108303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-161134"
      },
      {
        "db": "BID",
        "id": "108303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161134"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "BID",
        "id": "108303"
      },
      {
        "date": "2019-11-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      },
      {
        "date": "2019-10-24T16:15:21.097000",
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161134"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "BID",
        "id": "108303"
      },
      {
        "date": "2019-11-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      },
      {
        "date": "2019-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      },
      {
        "date": "2024-11-21T04:52:07.937000",
        "db": "NVD",
        "id": "CVE-2019-9699"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011356"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-709"
      }
    ],
    "trust": 0.6
  }
}

var-201907-0220
Vulnerability from variot

Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.1 are vulnerable. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0220",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "message gateway",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "symantec",
        "version": "10.7.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.3-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.5"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.4"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-267"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.3-266"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-7"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6.0-3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.6"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.3"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2"
      },
      {
        "model": "messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "messaging gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:message_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dave",
    "sources": [
      {
        "db": "BID",
        "id": "108925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-12751",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-12751",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-144529",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-12751",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-12751",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-12751",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-608",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-144529",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to a privilege-escalation vulnerability. \nAn attacker can exploit this issue to gain elevated privileges on an affected system. \nSymantec Messaging Gateway versions prior to 10.7.1 are vulnerable. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-12751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "db": "BID",
        "id": "108925"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144529"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-12751",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108925",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-144529",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144529"
      },
      {
        "db": "BID",
        "id": "108925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "id": "VAR-201907-0220",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144529"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:16:58.053000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA1486",
        "trust": 0.8,
        "url": "https://support.symantec.com/us/en/article.SYMSA1486.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.symantec.com/us/en/article.symsa1486.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/108925"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12751"
      },
      {
        "trust": 0.9,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12751"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144529"
      },
      {
        "db": "BID",
        "id": "108925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-144529"
      },
      {
        "db": "BID",
        "id": "108925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-144529"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "BID",
        "id": "108925"
      },
      {
        "date": "2019-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      },
      {
        "date": "2019-07-11T21:15:09.733000",
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-144529"
      },
      {
        "date": "2019-07-12T03:00:00",
        "db": "BID",
        "id": "108925"
      },
      {
        "date": "2019-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      },
      {
        "date": "2024-11-21T04:23:29.897000",
        "db": "NVD",
        "id": "CVE-2019-12751"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Messaging Gateway Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006487"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-608"
      }
    ],
    "trust": 0.6
  }
}

cve-2024-23614
Vulnerability from cvelistv5
Published
2024-01-25 23:32
Modified
2024-09-05 18:28
Severity ?
Summary
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
Impacted products
Vendor Product Version
Symantec Messaging Gateway Version: 0    9.5


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23614",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T18:26:52.490922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T18:28:07.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Messaging Gateway",
          "vendor": "Symantec",
          "versions": [
            {
              "lessThanOrEqual": "9.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Exodus Intelligence"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\u003cbr\u003e"
            }
          ],
          "value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T23:32:21.154Z",
        "orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
        "shortName": "XI"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Symantec Messaging Gateway Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
    "assignerShortName": "XI",
    "cveId": "CVE-2024-23614",
    "datePublished": "2024-01-25T23:32:21.154Z",
    "dateReserved": "2024-01-18T21:37:15.392Z",
    "dateUpdated": "2024-09-05T18:28:07.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23615
Vulnerability from cvelistv5
Published
2024-01-25 23:32
Modified
2024-08-01 23:06
Severity ?
Summary
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
Impacted products
Vendor Product Version
Symantec Messaging Gateway Version: 0    10.5


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Messaging Gateway",
          "vendor": "Symantec",
          "versions": [
            {
              "lessThanOrEqual": "10.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Exodus Intelligence"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\u003cbr\u003e"
            }
          ],
          "value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T23:32:23.512Z",
        "orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
        "shortName": "XI"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Symantec Messaging Gateway Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67",
    "assignerShortName": "XI",
    "cveId": "CVE-2024-23615",
    "datePublished": "2024-01-25T23:32:23.512Z",
    "dateReserved": "2024-01-18T21:37:15.392Z",
    "dateUpdated": "2024-08-01T23:06:25.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}